Merge branch 'html-scrubber'

author: Matthew Somerville <matthew@mysociety.org> 2020-01-10 11:55:18 +0000
committer: Matthew Somerville <matthew@mysociety.org> 2020-01-10 11:55:18 +0000
commit: 9d66124566ebe5d8348ceadfeb54a7dd389e308c (patch)
tree: 60cd399d677794b768060652c160233cf0b4d569 /perllib/FixMyStreet/App/Controller/Admin
parent: 89897e5912e5ba17318917f5290561473d9b64c1 (diff)
parent: ba9efbd5b0bca630ecd6299240992efc3422dfca (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm b/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm
index ea03b146f..3b7739966 100644
--- a/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm
@@ -286,6 +286,7 @@ sub update_contact : Private {
     # Special form disabling form
     if ($c->get_param('disable')) {
         my $msg = $c->get_param('disable_message');
+        $msg = FixMyStreet::Template::sanitize($msg);
         $errors{category} = _('Please enter a message') unless $msg;
         my $meta = {
             code => '_fms_disable_',
author	Matthew Somerville <matthew@mysociety.org>	2020-01-10 11:55:18 +0000
committer	Matthew Somerville <matthew@mysociety.org>	2020-01-10 11:55:18 +0000
commit	9d66124566ebe5d8348ceadfeb54a7dd389e308c (patch)
tree	60cd399d677794b768060652c160233cf0b4d569 /perllib/FixMyStreet/App/Controller/Admin
parent	89897e5912e5ba17318917f5290561473d9b64c1 (diff)
parent	ba9efbd5b0bca630ecd6299240992efc3422dfca (diff)